Feeds

Attacks exploit unpatched weakness in Adobe apps

Ham-handed PDF peril from Zeus

Top 5 reasons to deploy VMware with Tegile

Criminals behind the notorious Zeus crimeware package have begun exploiting an unpatched hole in the widely used portable document format to install malware on end user computers.

The booby-trapped PDF documents arrive in emails that purport to contain a billing invoice, according to a post from M86 Security Labs. If the user opens the documents and clicks through a series of dialog boxes, PDF readers from Adobe will execute a file that makes the PC a part of a botnet (The FoxIT reader will automatically save the malicious file on the user's hard drive.)

The exploit is a ham-handed exploit of a feature included in the PDF specification that allows documents to automatically run code. That's because it requires javascript to be turned on and it doesn't alter the wording of one of the dialog boxes, as security researcher Didier Stevens showed was possible.

"This is why I would classify this attack attempt as rudimentary at best, with little to no real sophistication," Jeremy Conway, another researcher who modified Stevens' attack, wrote here. "If this was the best the malicious actors have to offer we would have nothing to worry about, but I am afraid this is only the beginning and I am sure we will see far more sophisticated attempts at exploiting the Launch action in the future."

Adobe has said it is mulling changes to its Reader and Acrobat programs to close the hole. Users in the meantime can protect themselves by turning off the automatic launch feature. To do this, go to Edit > Preferences and click on Trust Manager in the left pane. Then, uncheck the box for "Allow opening of non-PDF file attachments with external applications." ®

Remote control for virtualized desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.